1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Commit Graph

4 Commits

Author SHA1 Message Date
Jacob Nevins
8b7458119f Tweak version string resources for EMBED_CHM.
So that it's possible to distinguish the CHMful from the CHMless binary
without running it.
2019-03-16 12:25:23 +00:00
Simon Tatham
67d3791de8 Stop looking for putty.chm alongside the binary.
With this change, we stop expecting to find putty.chm alongside the
executable file. That was a security hazard comparable to DLL
hijacking, because of the risk that a malicious CHM file could be
dropped into the same directory as putty.exe (e.g. if someone ran
PuTTY from their browser's download dir)..

Instead, the standalone putty.exe (and other binaries needing help)
embed the proper CHM file within themselves, as a Windows resource,
and if called on to display the help then they write the file out to a
temporary location. This has the advantage that if you download and
run the standalone putty.exe then you actually _get_ help, which
previously didn't happen!

The versions of the binaries in the installer don't each contain a
copy of the help file; that would be extravagant. Instead, the
installer itself writes a registry entry pointing at the proper help
file, and the executables will look there.

Another effect of this commit is that I've withdrawn support for the
older .HLP format completely. It's now entirely outdated, and
supporting it through this security fix would have been a huge pain.
2019-03-16 12:25:23 +00:00
Simon Tatham
d9369d4a46 Give PuTTYtel its own Windows manifest file.
While grepping for FIXME comments I could get rid of easily, I came
across a completely unexplained one in puttytel.rc, and after a moment
of thought, realised that it was there because PuTTYtel sharing
PuTTY's manifest file means the manifest has the wrong application
name.

Of course I could do something a bit more clever involving having one
copy of the manifest file and templating it to multiple applications,
but I think it would be more pain than it's worth given that the
templating system would have to be compatible with all the makefiles
and run on Windows systems where no sensible scripting was available.
So I just do it the trivial way.
2018-10-06 11:57:59 +01:00
Jacob Nevins
4d48ba62e8 `win-versioninfo': all builds of all Windows binaries now contain
a VERSIONINFO resource. The versioning scheme is described in
windows/version.rc2.

Some .rc files are now #included in others. In order to keep MSVC
project files working, these have been renamed to .rc2; there may exist
a better solution.

(This checkin also includes the documentation tweak missing from r6367.)

Testing performed:
 - MinGW (cross-compiler): works
 - VC nmake: works (tested with VC6)
 - VC project files: builds with VERSIONINFO resource (no VER variable though)
 - Borland: an old version of this patch was tested with it and more or
   less worked, except that some of the VERSIONINFO strings were apparently
   not terminated properly. Not attempted to work around this.
 - LCC: not tested. Some fixes are in there from the last time we tried
   this, but then the build ultimately failed and I haven't tried this
   since that was fixed.
 - Dev-C++: untested. (Haven't done anything special.)
 - Unix Gtk/autoconf Makefiles work as before.

[originally from svn r6374]
[r6367 == f86ad059db]
[this svn revision also touched putty-wishlist]
2005-10-04 14:13:28 +00:00